[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Port 80 Open

On Sun, Oct 28, 2007 at 08:35:30PM -0600, Telly Williams wrote:
> Ansgar, Paolo, and David,
> 	Thanks for the help.  I utilized your ideas and ran nmap and
> 	nothing comes up (I did this from the same host, though).  My

er... is your fw supposed to protect you from yourself? ;)
try a remote scanner like grc.com's.

> 	logs aren't writing anything now, or is it that my ports can't

look at your itables-save, select a chain that goes through LOG, ask grc.com
to strees a port for that chain. See what happens in the logs.

> 	be "seen"?).  Interestingly (to me), ports 0 and 1 come up as
> 	closed (from grc.com, I assume because of the set limits that
> 	make my firewall "adaptive").

If by 'adaptive' you mean the -m state on input, yes. Which is btw true for
any other port you did not open explicitly.

> 	Only a small minority of people use the forward chain, right?  I

dunno ... you need FORWARD only if your machine routes packets for other
machines, eg your machine sits betweeen the LAN and I'net. Or you've got
some fancy virtual machines / alis iface setup.

> 	Currently, I have OUTPUT accepting NEW,ESTABLISHED,RELATED.  If
> 	I'm thinking right about what you said Ansgar, the only thing I
> 	need to worry about in OUTPUT is NEW, so I'm about to change it

you need all 3.

> 	Then why does the site http://www.grc.com keep referring to
> 	ports as being under stealth?  Are they defining "stealth" in a

I guess (checking their port 113 write up) they just mean what the rule
--state ESTABLISHED,RELATED on INPUT does. ie, in their wording, if you have
such rule in INPUT chain (you do, right?) you can proudly say your machine
if fully 'Stealthy(TM)' ;)

> 	different way?  What does one have to gain by propogating this
> 	"marketing babble"?

hype behind fw sw market. Just marketing, in other words. 

For some tech about 'stealth' mode, 'man nmap' - check for -sS -sF -sX 
-sN -sI; also check README and man page for hping2 or hping3 for some other
insights. Good reading.


Reply to: